all InfoSec news
Attackers impersonate Romanian Gas Companies – OSINT Investigation
Malware Analysis, News and Indicators - Latest topics malware.news
In this blog post, we’re going to look at a campaign that reveals recently created domains impersonating known Romanian gas companies.
It all started with an ad on YouTube that featured a suspicious domain related to the legitimate RoEnergy Trade Fair. The ad was voiced in Romanian using an automatic translator. The website hosted on inf24roenergy[.]pro is shown in Figure 1.
Figure 1
Using VirusTotal, we could determine which IP address the domain resolves to:
Figure 2
By pivoting using …
attackers automatic blog blog post campaign companies domain domains fair featured gas impersonating investigation malware analysis osint trade translator youtube